Coinbase, one of the biggest cryptocurrency exchanges by trading volume, has disclosed a major issue with customer registration. Just a few days ago, the crypto exchange emailed 3,420 customers informing them about an issue with some registration details being stored in clear text on the logs of Coinbase’s internal server, affecting hundreds of customers who now must change their passwords.
According to a blog post published by Coinbase, the exchange was able to fix the problem, updating their platform, and is now confident that the data involved in the issue was not “improperly accessed, misused, or compromised.”
This issue extended to even saving some users’ credentials as a result of a rare signup error. The error would deny users their registration but still save their private information, such as username, email address and even the proposed password and state of residence.
Coinbase was quick to inform that only 3,420 accounts had been compromised by the bug, and proposed users to urgently change their passwords. The exchange also ensured customers that no other data was recorded in their logging system and that their system remains secure.
In the blog post, Coinbase specified how after identifying the bug, they fixed the error and traced back all the places where these logs ended up. Their internal logging system is hosted on Amazon Work Station (AWS) and other log analysis service providers; which were all analyzed showing the information remained secure. Furthermore, Coinbase triggered a password reset for affected customers to guarantee they change their passwords.
Coinbase reassures customers that they maintain high standards for securing their platform, and anytime there’s some sort of threat, they mobilize a team to figure out the issue and prevent it from ever happening again. They also maintain an active bug bounty program on HackerOne, which has reportedly paid over $250,000 un bounties for bugs discovered by users.